Dezembro 4, 2019

QR code enrollment (for Android 10 devices)

Samsung Knox Team

The Samsung Knox team is pleased to introduce QR code enrollment as a fourth device-side enrollment option for Android 10 devices in addition to existing Bluetooth, NFC, and Wi-Fi Direct options. A QR code is a unique matrix barcode containing information about the item to which the QR code is attached.

QR codes allow you to quickly and easily enroll devices and optionally connect to a Wi-Fi supported wireless network, regardless of location as long as the generated QR code contains the correct network Wi-Fi credentials.

QR code enrollment begins with a device plus-sign (+) gesture that activates the device’s camera in QR code recognition mode. Once a QR code is recognized, a Wi-Fi connection is established and enrollment begins. If there are no Wi-Fi credentials within the QR-code, then the device user is prompted to provide them, as these are the Wi-Fi connection credentials used during device enrollment in Device Owner (DO) mode. The QR code profile configuration is defined within the KME console’s Device Owner profile settings screen by selecting the ADD QR CODE button that is only available for Android 10 devices.

By default, the QR code is only used for devices uploaded by resellers, but there is an option for non-reseller uploads as well. Consider non-reseller uploads to reduce the dependency of reseller involvement and the use of the Knox Deployment App (KDA).

If adding a Wi-Fi network configuration to the QR code, define the security option as None, WEP, or WPA/WPA2. The QR code contains the profile ID, country, and an optional Wi-Fi SSID and password, all in a non-encrypted JSON format. Therefore, QR codes should only be shared with trusted admins.

The Samsung Knox team recommends enabling wireless isolation on the network’s access point or router resource when adding a Wi-Fi configuration to a QR code. Enabling wireless isolation restricts a wireless computer from accessing other computers connected to the local network, effectively isolating that device on the network. The means to enable wireless isolation differs depending on the router or access point manufacturer. Refer to the documentation available from the manufacturer for their specific instructions on enabling wireless isolation.

For information on configuring a KME DO profile supporting QR code enrollment, go to: https://docs.samsungknox.com/KME-Getting-Started/Content/create-profiles.htm